blahajs
SRC: https://library.m0unt41n.ch/challenges/blahajs
The only real discoverable functionality in this challenge is the image display via a GET parameter name and endpoint /image. The rest of the challenge is just displaying of said images and its sourceless. Soo i first tried a directory traversal to obtain a flag.txt and ye first try got it.
...1ba5.library.m0unt41n.ch:1337/image?name=../../../flag.txt
SRC: https://library.m0unt41n.ch/challenges/blahajs
The only real discoverable functionality in this challenge is the image display via a GET parameter name and endpoint /image. The rest of the challenge is just displaying of said images and its sourceless. Soo i first tried a directory traversal to obtain a flag.txt and ye first try got it.
...1ba5.library.m0unt41n.ch:1337/image?name=../../../flag.txt
